Header Key Cookies and Referer got response 401 - node.js

I tried to call external API in my API server with axios and it worked. this is the code
const result = await axios.get(
`http://external-api-url-here.com/example-endpoint/xyz`,
{
headers: {
"Content-Type": "application/json",
"App-key": 'ExAmPl3_KeY-H3r3',
"key-platform": 'admin-desktop',
},
}
);
but the problem is when I try the code in my web client application, when it runs in the browser and tries to make a request with the code it doesn't work, getting a 307 response.
Then I added withCredentials: true in the axios header. getting a 401 response,
then I copied cURL from the browser and imported it into postman and it turned out that what made the API response fail was Cookies and Referer. When I remove those 2 key headers from postman, I get response 200.
what is the solution for this?
I want to that code get response 200 at the browser

Related

Axios GET request sends empty req.body to server

I'm trying to make a GET request in my React app but Axios seems to send an empty request body for some reason. I know there's (most likely) nothing wrong in the backend as I'm able to make the requests perfectly fine with Insomnia. I've tried the following till now and none of the seem to work:
const response = await axios.get(URL, { email })
const response = await axios({
method: "get",
url: URL,
data: { email }
})
I'm using the express.json() middleware in the backend.
From the RFC 7231
A payload within a GET request message has no defined semantics;
sending a payload body on a GET request might cause some existing
implementations to reject the request.
So do not rely on body data for GET request and use appropriate HTTP method like POST, PUT etc.
Moreover, if you want to send Query params with your GET request, both code snippets you shared above will not work. Instead do it like below.
// using get method
const response = await axios.get(URL, {
params: {
ID: 12345
}
});
// using Axios API
const response = await axios({
method: "get",
url: URL,
params: {
ID: 12345
}
});

How to use cookies from response in redirect request

I am running a node.js app locally, in which I am trying to programmatically login into a server.
As shown in the figure, the login process consists of two steps. Firstly, when a user hits the /login route, receiving an authentication cookie in return. And secondly, a redirect to the / route using this cookie, or at least this is how I understand it.
This works fine in browsers, and in Postman, but it fails using the node.js app, for which I tried most of the popular http libraries (axios, follow-redirects, and built-in https).
The reason which I think it fails, is that the app does both requests together, without sending the auth cookie in the GET / request.
So my question is, how to force the app to use to returned cookie in the redirected request?
Below is a snippet of one of my trials using Axios:
axios({
method: 'post',
url: 'www.example.com/login',
withCredentials: true,
crossdomain: true,
data: loginCreds,
headers: {
"Content-Type": "application/x-www-form-urlencoded",
"Cache-Control": "no-cache",
"Content-Length": Buffer.byteLength(loginCreds),
"Host": 'www.example.com'
}
}).then(res => {
console.log(res);
});
}).catch(err => {
console.log(err);
});

Why is my HTTP get request giving me a 403 error?

I am trying to web scrape a site using a node.js server. I am using axios to make my http request. When I make the request I get a 403 error from the server.
Using Postman I can successfully make the request and return the HTML file. Why is Postman able get a 200 code and my request fails? What are some things I can try to successfully make the request?
//basic axios request Im using
axios.get(url)
.then(response => {
console.log(response.data);
})
.catch(error => {
console.log(error);
})
Got exactly same situation: authorized only POST method working on postman, not working with axios.
Fixed it instead of calling axios.post(), calling:
axios({
method: 'POST',
url: 'http://localhost:1337/post',
headers: {
Authorization: `Bearer ${localStorage.getItem('token')}`
},
data: payload
})
For hint : Refer this github issue

POST request working on Postman but not on JS

Been trying for a couple of days but can't get this request to work on NodeJS, used several request modules (axios, request, node-fetch) but the returned body is blank, same goes for postman if raw option is not selected for body.
Here is how I need to format the body on postman for the request to work:
And this is my last iteration of the request, using node-fetch:
const rawResponse = await fetch(
urlRenfe,
{
method: 'POST',
headers: {
"Cookie": cookie,
"Referer": "https://venta.renfe.com/vol/infoPuntualidadTrenes.do",
"Accept": "*/*",
},
body: `callCount=1
windowName=
c0-scriptName=infoPuntualidadTrenesSvcAjax
c0-methodName=getInfoPuntualidadTrenes
c0-id=0
c0-e1=string:71500
c0-e2=string:X7090115
c0-param0=Object_Object:{cdgoEstacion:reference:c0-e1, terminal:reference:c0-e2}
batchId=1
instanceId=1
page=%2Fvol%2FinfoPuntualidadTrenes.do
scriptSessionId=6ngaztWVMGx8q6B16ABXAlLU1Om/LwA22Om-u7tpxIlXl`
}
);
const response = await rawResponse.text();
I know 100% the headers, url and method are ok, it has to be the body, either on the library or my configuration for it.
Thanks a lot if you give me a hint on how to solve this.

CORS in Ionic and third party api(Smartsheet)

I am trying to get data from smartsheet API. When I use postman and nodejs in separate server code, it works.
But if I use the API inside the Ionic with HttpClient (#angular/http) it gives CORS issue with run in browser.
Failed to load https://api.smartsheet.com/2.0/sheets/1235941564208899972: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8100' is therefore not allowed access.
And also I have tried with a proxy setup like below:
"proxies": [{
"path": "/2.0",
"proxyUrl": "https://api.smartsheet.com/"
}]
home.ts:
let headers = new Headers({ 'Access-Control-Allow-Origin': '*', 'Authorization': 'Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxx' });
let options = new RequestOptions({ headers: headers });
this.HttpClient.get('/2.0/sheets/1235941564208899972', options).pipe(
map(res => res.json())
).subscribe(data => this.response = data);
I am still getting localhost 404 error only.
If Ionic is using CORS to talk to the Smartsheet API, that will not work. The Smartsheet API does not currently support CORS.

Resources